We have upgraded the community system as part of the upgrade a password reset is required for all users before login in.

openvpn



  • Re: VPN anyone?
    Hi, has anyone tried using the omega2 as openvpn client..? and if so, would you please care to share how you got it to work?
    I've noticed on the changelog, strongswan has recently been implemented, though no info on how to set up/use it as client

    (b161

    March 2, 2017

    Added following packages to Onion repo: * avahi-utils * midnight commander (mc) * strongswan vpn)

    Cheers!



  • Not sure if it's wise to get a low-end CPU without h/w crypto accelerator to do the
    heavy lifting on VPN? May be it will work, but at what speed?

    < add a correction >
    MT7688 has a module for AES128/256 in CBC mode.
    Its current use is for encrypted channel in WiFi.

    ccs_hello



  • Performance shouldn't be too worrysome - assuming the Onion is the endpoint - it's CPU/IO limited in itself, so the VPN overhead will surely make it worse, but I'd imagine it's like dropping from 200KB/s to 100KB/s. A large overhead, but if we're honest, it's something you can adapt to.



  • Hello,
    i'm successfully using OpenVPN client with Omega2+ using AES-128 encryption without any cpu overhead problem. I'm using the LEDE project distribution re-built after re-configuring it through the 'make menuconfig'. A short steps list follows:

    • Download from github (git clone) the latest LEDE project source repository
    • 'make menuconfig' and add OpenVPN plus SSL and Crypto libraries (and some other useful stuff you need)
    • 'make', then copy the created firmware file (.bin) found in the bin/<target> directory to a USB key root
    • rename the firmware bin file to 'omega2.bin'
    • insert the USB key into the USB interface of the Omega 2 Dock, keep pressed the reset button and then power-on the board. - from the menu choose the command '2', then wait for the firmware file being flashed. lede distribution then will boot.
    • edit /etc/config/openvpn with your openvpn configuration (see openvpn manuals) and copy all certificates to /etc/openvpn directory
    • /etc/init.d/openvpn restart and you shoud be able to use openvpn as a client.

    Hope this will help!

    Leo



  • Hi @Leonardo-Costa , could you please explain in detail how you did it? I´m quite a newbie in this and not sure how to do it, because I really want to achieve this.

    Thanks in advance.

    Diego.



  • How to install it remotely?



  • @Lazar-Demin Can you answer? How to inatall openvpn client?
    Can you include it to next build?
    I can't compile from sources so that everything works.



  • @Alexandr-Didenko why do you need to build openvpn client? Just install it. There is ample documentation on how to do this on OpenWRT.org.

    On Omega you get a kernel version error but just add --force-depends parameter and it installs correctly and starts the interfaces.



  • @crispyoz It is installed incorrectly. This doesn't work



  • @Alexandr-Didenko you need to be specific about what is not working.



  • @crispyoz

    root@BSR6-6E13:~# opkg install openvpn
    Installing openvpn-mbedtls (2.4.9-1) to root...
    Downloading http://downloads.openwrt.org/snapshots/packages/mipsel_24kc/base/openvpn-mbedtls_2.4.9-1_mipsel_24kc.ipk
    Collected errors:
     * opkg_install_pkg: Package openvpn-mbedtls sha256sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'.
     * opkg_install_cmd: Cannot install package openvpn.
    
    root@BSR6-6E13:~# opkg install openvpn --force-depends
    Installing openvpn-mbedtls (2.4.9-1) to root...
    Downloading http://downloads.openwrt.org/snapshots/packages/mipsel_24kc/base/openvpn-mbedtls_2.4.9-1_mipsel_24kc.ipk
    Collected errors:
     * opkg_install_pkg: Package openvpn-mbedtls sha256sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'.
     * opkg_install_cmd: Cannot install package openvpn.
    


  • @Alexandr-Didenko

    # Omega2+
    # OpenWrt 18.06 based official FW v0.3.2 b239
    # default (out-of-the-box) /etc/opkg/distfeeds.conf file
    
    root@Omega-5BE1:/# opkg update
     ...
    
    root@Omega-5BE1:/# opkg list | grep -i openvpn
    kmod-wireguard - 4.14.81+0.0.20180718-2 - WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.  WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It uses UDP.  This package provides the kernel module for WireGuard.
    openvpn-easy-rsa - 3.0.1-1 - CLI utility to build and manage a PKI CA.
    openvpn-mbedtls - 2.4.5-4 - Open source VPN solution using mbedTLS
    openvpn-nossl - 2.4.5-4 - Open source VPN solution using plaintext (no SSL)
    openvpn-openssl - 2.4.5-4 - Open source VPN solution using OpenSSL
    wireguard - 0.0.20180718-2 - WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.  WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It uses UDP.
    wireguard-tools - 0.0.20180718-2 - WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.  WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It uses UDP.  This package provides the userspace control program for WireGuard, `wg(8)`, a netifd protocol helper, and a re-resolve watchdog script.
    

    OpenWrt VPN Overview

    OpenWrt OpenVPN basic
    OpenWrt OpenVPN client
    OpenWrt OpenVPN extras

    OpenWrt WireGuard VPN

    Good luck!



Looks like your connection to Community was lost, please wait while we try to reconnect.